diff --git a/src/share/classes/sun/net/httpserver/ChunkedInputStream.java b/src/share/classes/sun/net/httpserver/ChunkedInputStream.java
index 4adab7d52edd7d689f4a26d9beb868b908ec0b3b..387ec1c8e62ef144fd79b9b2988b15cae60cee8f 100644
--- a/src/share/classes/sun/net/httpserver/ChunkedInputStream.java
+++ b/src/share/classes/sun/net/httpserver/ChunkedInputStream.java
@@ -41,8 +41,12 @@ class ChunkedInputStream extends LeftOverInputStream {
 private boolean needToReadHeader = true;
- static char CR = '\r';
- static char LF = '\n';
+ final static char CR = '\r';
+ final static char LF = '\n';
+ /*
+ * Maximum chunk header size of 2KB + 2 bytes for CRLF
+ */
+ private final static int MAX_CHUNK_HEADER_SIZE = 2050;
 private int numeric (char[] arr, int nchars) throws IOException {
 assert arr.length >= nchars;
@@ -73,10 +77,14 @@ class ChunkedInputStream extends LeftOverInputStream {
 char[] len_arr = new char [16];
 int len_size = 0;
 boolean end_of_len = false;
+ int read = 0;
 while ((c=in.read())!= -1) {
 char ch = (char) c;
- if (len_size == len_arr.length -1) {
+ read++;
+ if ((len_size == len_arr.length -1) ||
+ (read > MAX_CHUNK_HEADER_SIZE))
+ {
 throw new IOException ("invalid chunk header");
 }
 if (gotCR) {
diff --git a/src/share/classes/sun/net/www/http/ChunkedInputStream.java b/src/share/classes/sun/net/www/http/ChunkedInputStream.java
index 3dd445e74880e70ab97eab155c0586dc134c7763..af45752206f7fd8f198b426a9ce9f56177d89e0e 100644
--- a/src/share/classes/sun/net/www/http/ChunkedInputStream.java
+++ b/src/share/classes/sun/net/www/http/ChunkedInputStream.java
@@ -125,6 +125,11 @@ class ChunkedInputStream extends InputStream implements Hurryable {
 */
 private boolean closed;
+ /*
+ * Maximum chunk header size of 2KB + 2 bytes for CRLF
+ */
+ private final static int MAX_CHUNK_HEADER_SIZE = 2050;
+
 /**
 * State to indicate that next field should be :-
 * chunk-size [ chunk-extension ] CRLF
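Review bot: The comment on `MAX_CHUNK_HEADER_SIZE` in the first hunk gives the number but not what is counted or why the cap exists, and the same constant and comment are added again in sun/net/www/http/ChunkedInputStream.java. I would state the scope in both places, e.g. `/* Upper bound on one chunk header line (chunk-size, any chunk-extension, CRLF): 2KB + 2; longer headers are rejected with an IOException. */`. Because the two classes have to agree on this limit, a cross-reference between the two declarations would help keep them from drifting apart.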
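Review bot: The length test added to the `if` in the header-reading loop reuses `IOException ("invalid chunk header")`, so an over-long header cannot be told apart from an over-long size field when the exception is logged; the client-side class uses a distinct `"Chunk header too long"`. Splitting the condition, `if (read > MAX_CHUNK_HEADER_SIZE) { throw new IOException ("chunk header too long"); }`, keeps the two causes separate for whoever triages the logs. Note also that `read` bounds bytes, not time: a peer that sends the header slowly still occupies the reader until some timeout elsewhere applies, which this hunk does not show. The loop and its enclosing method continue outside the hunk.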
@@ -290,6 +295,10 @@ class ChunkedInputStream extends InputStream implements Hurryable {
 break;
 }
 pos++;
+ if ((pos - rawPos) >= MAX_CHUNK_HEADER_SIZE) {
+ error = true;
+ throw new IOException("Chunk header too long");
+ }
 }
 if (pos >= rawCount) {
 return;
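Review bot: The boundary of the check added after `pos++` is easy to misread: because it runs after the increment and uses `>=`, a header is accepted only if the terminator the loop breaks on (presumably LF) lies within the first MAX_CHUNK_HEADER_SIZE bytes counted from `rawPos`. That matches the server-side `read > MAX_CHUNK_HEADER_SIZE` form only if `rawPos` marks the start of the header, which is not visible here. A one-line comment above the `if`, such as `// header, terminator included, may span at most MAX_CHUNK_HEADER_SIZE bytes from rawPos`, would document the intent. The enclosing loop and method start outside the hunk.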